1. Re: anyone know of a fix for this critical vulnerability?
starksm64 Jun 20, 2005 10:29 AM (in response to adrianwilford)
If you read the security advisory, the fix is mentioned at the end. Edit the conf/jboss-service.xml and set the DownloadServerClasses attribute to false in the WebService mbean configuration:
<mbean code="org.jboss.web.WebService" name="jboss:service=WebService">
  <attribute name="Port">8083</attribute>
  <!-- Should resources and non-EJB classes be downloadable -->
  <!-- old <attribute name="DownloadServerClasses">true</attribute> -->
  <!-- new -->
  <attribute name="DownloadServerClasses">false</attribute>
  <attribute name="Host">${jboss.bind.address}</attribute>
  <attribute name="BindAddress">${jboss.bind.address}</attribute>
</mbean>
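One way to verify the setting described in the reply above, as an added example that is not part of the original post or of JBoss itself: it parses a jboss-service.xml and reports whether each org.jboss.web.WebService mbean has DownloadServerClasses explicitly set to false. The function name, the status labels and the sample XML are assumptions constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

WEBSERVICE_CLASS = "org.jboss.web.WebService"

# Constructed sample input mirroring the mbean shown in the reply.
SAMPLE_FIXED = """<server>
  <mbean code="org.jboss.web.WebService" name="jboss:service=WebService">
    <attribute name="Port">8083</attribute>
    <!-- old <attribute name="DownloadServerClasses">true</attribute> -->
    <attribute name="DownloadServerClasses">false</attribute>
  </mbean>
</server>"""

def audit_webservice(xml_text):
    """Return [(mbean name, status)] for every WebService mbean.

    'ok'      DownloadServerClasses is explicitly false everywhere it appears
    'enabled' at least one live (uncommented) occurrence is true
    'review'  attribute missing or not a literal true/false; the effective
              default is not stated on this page, so check it by hand
    """
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    findings = []
    for mbean in root.iter("mbean"):
        if mbean.get("code") != WEBSERVICE_CLASS:
            continue
        values = [
            (attr.text or "").strip().lower()
            for attr in mbean.findall("attribute")
            if attr.get("name") == "DownloadServerClasses"
        ]
        if any(v == "true" for v in values):
            status = "enabled"
        elif values and all(v == "false" for v in values):
            status = "ok"
        else:
            status = "review"
        findings.append((mbean.get("name"), status))
    return findings

if __name__ == "__main__":
    # Usage: python audit_webservice.py conf/jboss-service.xml
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_FIXED
    results = audit_webservice(text)
    for name, status in results:
        print(f"{name}: DownloadServerClasses {status}")
    sys.exit(0 if results and all(s == "ok" for _, s in results) else 1)
```

The script exits non-zero when any WebService mbean is not explicitly set to false, so it can gate a deployment or configuration check.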